AI Score: 7.3 High (Confidence: Low)
CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 0.039 Low (Percentile: 91.9%)
StgCompObjStream::Load() failed to check the validity of a length
field in documents. If an attacker tricked a user into opening a specially
crafted OpenOffice file, this triggered a buffer overflow which could
lead to arbitrary code execution with the privileges of the user
opening the document.
The update for Ubuntu 5.04 (Hoary Hedgehog) also contains a
translation update: The “openoffice.org-l10n-xh” package now contains
actual Xhosa translations (the previous version just shipped English
strings).
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 5.04 | noarch | openoffice.org-l10n-xh | < * | UNKNOWN |
Ubuntu | 5.04 | noarch | openoffice.org-bin | < * | UNKNOWN |
Ubuntu | 4.10 | noarch | openoffice.org-l10n-xh | < * | UNKNOWN |
Ubuntu | 4.10 | noarch | openoffice.org-bin | < * | UNKNOWN |